Nerds, come hither!

What to do if your website is hacked. 5 Steps to sanity.

So you got hacked?

Don’t panic. There are things you can do to prevent (or at least drastically reduce) the chances of being hacked, but right now, you have to deal with what is happening. AFTER this is all resolved, then you can take the steps to prevent it in the future.

There are a lot of ways this could have happened. Some of the most common:

Someone gained access to your site by either guessing or using a program to “guess” your password

Some sort of malware was used to gain entry. You thought it was harmless, but it actually opened a door for the hacker to get in

A bug or flaw in your website was used to gain entry

You might have noticed you were hacked in various ways. Your site went down, you were notified by Google or your hosting provider, your site is up but has changed, your site is rerouted to another site, etc. However you’ve become aware of the hack, it’s important to act quickly.

Step 1: Contact your hosting provider

Your hosting provider might already be aware of the attack and might be resolving it. They may be able to see which file(s) are infected, and how to eliminate or clean them. Contacting your hosting provider is the first step to rule out a more widespread issue, and to get any assistance they can provide. This is where your hosting provider will show their true colors.

Step 2: Check your local computer for viruses

You might have infected your site through your own computer. Run an UPDATED virus scan on your local computer to see if anything pops up. If you’re using an old version, that’s really not going to help you. Malicious software thrives on attacking systems that have not been kept up to date. Software is flawed – it has bugs and loopholes. Updates patch these regularly. You know who pays really close attention to the security patches that come out for major software like Windows, OS X & WordPress??? HACKERS! And when they see what the patch is patching, they write software to take advantage of that loophole on systems that haven’t been updated. So, run a scan with UPDATED virus scanning software. If you find something, it’s time to start researching that specific virus to see if it could be the cause.

Step 3: The technical part

You need to review your website files to see what is infected. The infection could be something that was added to existing files, or it could be brand new files added to your site’s directory. You will need knowledge of what should or shouldn’t be there for this to be effective. So if you don’t have that knowledge, it’s time to reach out to a developer who can look at what is going on. Only finding the root cause of the infection is effective in stopping it from happening again. You can delete 100 infected files, but if there were 101, your site will be back to its “hacked” state in just a few hours.
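One way to do this review if you have a known-good backup, shown as an added example that is not part of the original post: hash every file in the backup and in a downloaded copy of the live site, then list what was added, changed, or removed. The function names and the sample files built in `demo()` are constructed for illustration.

```python
import hashlib
import os
import sys
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each path under root (relative, POSIX style) to a SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        if path.is_symlink():
            # Record the link target instead of following it.
            digests[rel] = "symlink -> " + os.readlink(path)
        elif path.is_file():
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare_to_backup(backup_dir, live_dir):
    """List files that are new, changed, or missing relative to the backup."""
    good, live = hash_tree(backup_dir), hash_tree(live_dir)
    return {
        "added": sorted(set(live) - set(good)),
        "modified": sorted(p for p in set(live) & set(good) if live[p] != good[p]),
        "missing": sorted(set(good) - set(live)),
    }


def demo():
    """Constructed sample: a two-file backup and a tampered live copy."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for d in (backup, live):
            (d / "wp-content").mkdir(parents=True)
            (d / "index.php").write_text("<?php // home page\n")
            (d / "wp-content" / "theme.php").write_text("<?php // theme\n")
        (live / "index.php").write_text("<?php // home page, altered\n")
        (live / "wp-content" / "x1.php").write_text("<?php // unknown file\n")
        (live / "wp-content" / "theme.php").unlink()
        return compare_to_backup(backup, live)


if __name__ == "__main__":
    report = compare_to_backup(*sys.argv[1:3]) if len(sys.argv) == 3 else demo()
    for kind, paths in report.items():
        print(f"{kind}: {paths}")
```

Run it with the backup directory and the live copy as the two arguments. It only covers files, so anything injected into the site's database will not show up here.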

Step 4: Be ready to revert to a backup

You don’t have a backup!?!? Oh good – you do. I must have heard you wrong for a second. Well, good thing you’ve kept it up to date as well. If you’re unable to remove the infection manually, you might need to completely uninstall your site (including the platform software it might be sitting on – like WordPress) and upload your backup.

Step 5: Change everything

It’s possible that you were specifically targeted and someone used unbelievably sophisticated methods to gain access to your site. If you’re this important, you’re probably driven around in blacked out Escalades and wear a suit to bed — and you certainly shouldn’t be getting security advice from a blog! If you’re not that important, then this probably isn’t what happened. You probably had a weak password, you didn’t keep your software updated, or you opened a malicious file or link when you didn’t know what it was or where it was coming from.

So… change all of your passwords. Make them difficult. Random letters, numbers & symbols are the best. Try creating some sort of pattern on your keyboard of letters & numbers & symbols you can follow (like drawing an arrow with your keys) or something like that. It’s totally random, but can be somewhat easy to remember.

Update all software. Your local operating system, and any software running your website.

Don’t open anything that is questionable in any way. It sounds simple, but you’d be amazed how many people open ZIP files because they have an important sounding name like “invoice” or “purchase confirmation” or something like that. If you’re not expecting it, don’t open it.